← back
CVE-2022-42894

CVE-2022-42894

CVSS 7.5 HIGHEPSS 0.6%CWE-918
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Siemens · syngo Dynamics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697